Healthcare Cybersecurity Weekly Briefing 8-25-2017

Just as with most of the information that comes out of data breaches, medical info pulled from a hospital or provider breach typically ends up for sale on the dark web. From there, it might be sold off a single time, but more likely it will remain for sale for some time and fall into the hands of multiple buyers. The volume of data that has been captured and posted on the dark web is so great that much of it will never be used.

In this primer, HealthITSecurity.com outlines four key considerations with mobile security. Organizations of all sizes must budget for cybersecurity, choose the right mobile tools, conduct regular employee training, and maintain HIPAA compliance with all devices.

While healthcare cloud can be a boon to security, organizations often hesitate to transition to cloud storage because they are worried that data could become exposed in the cloud. Healthcare entities must ensure that basic data security options are still implemented with cloud computing. This can include data encryption and business associate agreements (BAAs) with cloud service providers (CSPs). That way, providers know when a BAA is liable and when the BAA is not at fault for a potential data security incident. Research indicates that sometimes healthcare organizations might not be fully utilizing cloud security options.

How to Prepare for Cyberattacks That Strike During a Public Health Crisis

The U.S.’s history of preparing for bioterrorism, not to mention the billions of government and taxpayer dollars spent, has created resources and strategies that hospitals should keep pace with and have access to during the next crisis. The first step is to update your existing public health emergency plans to include a cyber element. These plans need to be exercised, and corrective actions from those exercises should revise those policies. Similarly, cyber plans must be assessed to take into account public health emergencies.

Progressive health systems see the value of cybersecurity as providing a competitive advantage and ensuring better patient care, said Rich Curtiss, a managing consultant at Clearwater Compliance who specializes in cybersecurity and health data risk management. “However, considering the healthcare sector is woefully behind in adopting information technology, it is difficult to see a horizon that is able to keep up with the velocity of cybersecurity threats,” Curtiss said. “There are a few areas where health systems should be focused on.”


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.